What's New in Security Analytics 10.4. Be the Hunter... Not the Hunted

Slide 2: Attackers Are Outpacing Detection
- Chart: Attacker Capabilities vs. Time To Discovery
- Source: Verizon 2014 Data Breach Investigations Report

Slide 3: TRANSFORM
- Visibility
- Analysis
- Action
- Intelligence-Driven Security

Slide 4: Security Analytics 10.4 Delivers...
- Complete Visibility
- Rapid Investigations
- SIEM & Beyond Analytics
- Prioritized Incident Management
- Scalable and Modular Platform

Slide 5: (no transcribed text)

Slide 6: Complete Visibility & Rapid Investigations

Slide 7: Expanded Collection Options
- 10G support
- NetFlow v5 and v9 support
  - Less critical network segments
  - Internal network segments, to gain insight into lateral movement activity
- Support for 250+ log sources
- Support for CEF-formatted logs
- Centralized event source monitoring
- Improved Windows collection from multiple domains

Slide 8: Enhanced Network Investigations
- Accelerated UI performance
- Improved session reconstruction
- Streamlined analyst workflow
- Enhanced search functionality: choose to search on meta, raw, or all data
- Over 30 usability enhancements to improve day-to-day investigations

Slide 9: Intellisense for advanced query search

Slide 10: Leveraging Meta Groups to Query

Slide 11: Enhanced Search Capabilities

Slide 12: Enhanced Content Search: Logs

Slide 13: Investigation ECAT Lookup

Slide 14: SIEM and Beyond Analytics

Slide 15: Event Stream Analytics: SA's Real-Time Detection and Correlation Engine
- Correlates logs, packets, NetFlow and endpoint meta
- Leverages RSA-provided detection rules via Live
- User-configurable rule builder
- Scales to 100k EPS per appliance
- Diagram: Packets, Logs, NetFlow and Endpoint feed ESA, with RSA LIVE content, producing Alerts

Slide 16: Centralized Rule Management

Slide 17: Alert Enrichment Options
Flexible enrichment options:
- 3rd-party database queries
- Static tables & CSV files
- Geo/IP lookup
- Results from Advanced Analytics (requires Analytics Warehouse)

Slide 18: Enhanced Notification Capabilities
Leverage ESA-generated alerts with existing tools or as part of SA's incidents. Flexible notification options:
- E-mail
- SNMP
- Syslog, including CEF format
- User-defined script
- User-configurable templates
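The enrichment and notification path the deck describes (CSV/static-table and Geo/IP enrichment of an alert, then syslog output in CEF format, with CEF-formatted logs also accepted on the collection side) is shown below as an added Python example. It is not RSA's code and does not use the Security Analytics or ESA API: the asset table, Geo table, alert field names, vendor/product strings and the criticality-to-severity mapping are all constructed for illustration. The parse_cef function plays the consuming side so the escaping rules can be checked by round trip.

```python
import csv
import io
import re

# Constructed asset inventory standing in for a "static table / CSV file"
# enrichment source. Hypothetical data, not from RSA Security Analytics.
ASSET_CSV = """ip,hostname,owner,criticality
10.0.0.5,db-prod-01,dba-team,high
10.0.0.9,wks-finance-12,finance,medium
"""

# Constructed stand-in for a Geo/IP lookup: prefix match on RFC 5737
# documentation ranges. A real deployment would query a GeoIP database.
GEO_TABLE = {"203.0.113.": "AU", "198.51.100.": "US"}

# Constructed alert in the shape a correlation rule might emit (hypothetical
# field names; the real ESA alert schema is not shown on the slides).
SAMPLE_ALERT = {
    "rule_id": "lateral-smb-001",
    "rule_name": "SMB admin share access from new source",
    "src_ip": "203.0.113.7",
    "dst_ip": "10.0.0.5",
    "dst_port": 445,
}

def load_asset_table(text):
    """Parse the CSV into a dict keyed by IP so enrichment is an O(1) lookup."""
    return {row["ip"]: row for row in csv.DictReader(io.StringIO(text))}

def geo_lookup(ip):
    """Return a country code for the IP, or 'unknown' if no prefix matches."""
    for prefix, country in GEO_TABLE.items():
        if ip.startswith(prefix):
            return country
    return "unknown"

def enrich_alert(alert, assets):
    """Return a copy of the alert with asset owner/criticality and geo context."""
    enriched = dict(alert)
    asset = assets.get(alert["dst_ip"])
    enriched["dst_host"] = asset["hostname"] if asset else ""
    enriched["dst_owner"] = asset["owner"] if asset else ""
    enriched["dst_criticality"] = asset["criticality"] if asset else "unknown"
    enriched["src_country"] = geo_lookup(alert["src_ip"])
    return enriched

def severity_for(enriched):
    """Map target criticality onto the CEF 0-10 severity scale (constructed mapping)."""
    return {"high": 9, "medium": 6, "low": 3}.get(enriched["dst_criticality"], 5)

def _esc_header(value):
    # CEF header fields escape backslash and the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(value):
    # CEF extension values escape backslash, '=' and newlines.
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def to_cef(enriched, vendor="ExampleVendor", product="ExampleSIEM", version="1.0"):
    """Render the enriched alert as one CEF:0 line suitable for a syslog payload."""
    header = "|".join(_esc_header(x) for x in (
        "CEF:0", vendor, product, version,
        enriched["rule_id"], enriched["rule_name"], severity_for(enriched)))
    # cs1..cs3 with matching *Label keys are CEF's custom string fields.
    extension = {
        "src": enriched["src_ip"], "dst": enriched["dst_ip"], "dpt": enriched["dst_port"],
        "dhost": enriched["dst_host"],
        "cs1Label": "dstOwner", "cs1": enriched["dst_owner"],
        "cs2Label": "dstCriticality", "cs2": enriched["dst_criticality"],
        "cs3Label": "srcCountry", "cs3": enriched["src_country"],
    }
    return header + "|" + " ".join(f"{k}={_esc_ext(v)}" for k, v in extension.items())

_HEADER_FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")

def _unescape(text):
    # Single pass: '\n' becomes a newline, any other '\x' becomes 'x'.
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), text)

def parse_cef(line):
    """Split a CEF line into its seven header fields and an extension dict.

    This is the receiving side (a consumer of CEF-formatted logs); it honours
    the escaping above, so values containing '|' or '=' round-trip intact.
    """
    fields, pos = [], 0
    for _ in range(7):
        m = _HEADER_FIELD.match(line, pos)
        if not m:
            raise ValueError("malformed CEF header")
        fields.append(_unescape(m.group(1)))
        pos = m.end()
    ext_text = line[pos:]
    keys = list(_EXT_KEY.finditer(ext_text))
    extension = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        extension[m.group(1)] = _unescape(ext_text[m.end():end])
    return fields, extension

if __name__ == "__main__":
    enriched = enrich_alert(SAMPLE_ALERT, load_asset_table(ASSET_CSV))
    print(to_cef(enriched))
```

The escaping is the part worth checking in any notification integration: a rule name or asset owner that contains `|` or `=` would otherwise shift every downstream field by one, so a receiving SIEM would attribute the alert to the wrong host or severity. Running the round trip on values that contain those characters is a cheap way to confirm the sending and receiving sides agree.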

Slide 19: Malware Analytics Updates
- Introducing malware dashboards with user-configurable thresholds
- Ability to integrate Malware Analytics into the Incident Management feature
- Streamlined file submission capabilities: ad hoc and folder ingest
- File Browser re-introduced with improved results and filter options

Slide 20: Data Science Driven Advanced Analytics
- Identifies outlier activity that could be indicative of under-the-radar threat activity
- Generates a risk rating based on the nature of the anomaly
- Includes reports that analysts can leverage to investigate
- Introducing 3 BETA analytics models: Suspicious Domains, Suspicious DNS Activity, Host Profile
- Requires: either MapR or Pivotal HD Analytics Warehouse; packet meta for at least 7, ideally 30, days

Slide 21: Enabling Better Detection with Content
- Monthly reports and analytics content to deliver more value to customers
- Over 195 application rules, 75 correlation rules
- Several high-profile, threat-specific updates: Heartbleed, IE9 zero day, Game Over Zeus, Shell Crew, Boleto fraud ring; many more in the pipeline
- Future focus on identity, cloud and expanded threat indicators
- Customer quote: "SA nailed it! RSA Security Analytics provided us the best view of attempts and issues on our network, better than any other product."

Slide 22: Prioritized Incident Management

Slide 23: Incident Management
- Diagram: alert sources Event Stream Analytics, ECAT, Malware Analysis, Investigations (ad hoc)

Slide 24: Incident Management Capabilities
- Streamlines analyst workflow, highlighting the value of SA
- Assign, update and track incidents, and keep a journal, natively in the product
- Aggregates alerts from logs, packets, malware analysis and endpoint data into prioritized incidents
- Quickly take action directly from the investigation workflow
- Incident Management is a feature of Event Stream Analytics

Slide 25: Centralized Alert Browser

Slide 26: Configurable Incident Correlation Rules

Slide 27: Centralized Incident Queue

Slide 28: Incident Workflow

Slide 29: Create and Assign from Investigation

Slide 30: User-Configured Incident Notifications

Slide 31: Workflow Integration Options
- Integrates with RSA Security Operations Management (SecOps): SA forwards alerts and associated events
- Capability to disable the SA incident workflow, to eliminate competing workflow queues
- Options to integrate with 3rd-party workflow tools

Slide 32: Platform Enhancements

Slide 33: Platform Enhancements
- Centralized SA Health & Wellness
- Streamlined update infrastructure
- Centralized user management
- Support for SecurID two-factor authentication (2FA)
- Archiver back-up & restore options
- Upgraded storage options

Slide 34: Scalable & Modular Architecture

Slide 35: RSA Security Analytics Architecture (diagram)
- Visibility: Packets, Logs, NetFlow, Endpoint; capture-time data enrichment
- Analysis and Action: Security Operations
- RSA LIVE INTELLIGENCE feeding each stage: Threat Intelligence, Rules, Parsers, Feeds, Reports, RSA Research

Slide 36: For More Details...
- Global Summit session podcasts: http://globalsummit.rsa.com/
- Security Analytics Community: http://rsa.im/sacommunity
- RSA Speaking of Security blog: http://blogs.rsa.com
- Release notes & user documentation: both published as part of the GA release later this month

THANK YOU